On Sun, Jun 05, 2005 at 12:22:07PM +1000, Brian May wrote: > As far as I can tell from reading the bug report, the bug has not been > fixed in sarge, will not be fixed for the release, but the bug has > been closed. > > Have we come to the point where making a release is more important > then fixing known security bugs? > > Does this mean people who want secure pre-compiled kernels have to > resort to unstable until the issue is fixed?
woody's kernels are vulnerable to CAN-2004-1235, a uselib() race condition. The bug became public in January. I emailed [EMAIL PROTECTED] after I got hacked last month, but there was no reply. Hamish -- Hamish Moffatt VK3SB <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
